La app de Google Home integra un mando a distancia para controlar tu Google TV y Android TV desde el móvil

La app de Google Home integra un mando a distancia para controlar tu Google TV y Android TV desde el móvil

A partir de hoy tenemos una nueva forma para acceder al nuevo mando a distancia de Google TV y Android TV que desde hace menos de dos meses integra ahora la mayoría de dispositivos Android. Ya no solo está disponible en la aplicación Google TV sino que también está disponible la aplicación de Google para controlar el hogar.

Si no tienes un televisor o dispositivo con Google TV, como el Chromecast en casa ya no hace falta que tengas que tener instalada la aplicación Google TV en tu móvil para poder controlar tu Android TV. Ahora con la aplicación Google Home también podrás hacerlo.

Continue reading

Microsoft Patch Tuesday, November 2021 Edition

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Among the zero-day bugs is CVE-2021-42292, a “security feature bypass” problem with Microsoft Excel versions 2013-2021 that could allow attackers to install malicious code just by convincing someone to open a booby-trapped Excel file (Microsoft says Mac versions of Office are also affected, but several places are reporting that Office for Mac security updates aren’t available yet).

Microsoft’s revised, more sparse security advisories don’t offer much detail on what exactly is being bypassed in Excel with this flaw. But Dustin Childs over at Trend Micro’s Zero Day Initiative says the vulnerability is likely due to loading code that should be limited by a user prompt — such as a warning about external content or scripts — but for whatever reason that prompt does not appear, thus bypassing the security feature.

The other critical flaw patched today that’s already being exploited in the wild is CVE-2021-42321, yet another zero-day in Microsoft Exchange Server. You may recall that earlier this year a majority of the world’s organizations running Microsoft Exchange Servers were hit with four zero-day attacks that let thieves install backdoors and siphon email.

As Exchange zero-days go, CVE-2021-42321 appears somewhat mild by comparison. Unlike the four zero-days involved in the mass compromise of Exchange Server systems earlier this year, CVE-2021-42321 requires the attacker to be already authenticated to the target’s system. Microsoft has published a blog post/FAQ about the Exchange zero-day here.

Two of the vulnerabilities that were disclosed prior to today’s patches are CVE-2021-38631 and CVE-2021-41371. Both involve weaknesses in Microsoft’s Remote Desktop Protocol (RDP, Windows’ built-in remote administration tool) running on Windows 7 through Windows 11 systems, and on Windows Server 2008-2019 systems. The flaws let an attacker view the RDP password for the vulnerable system.

“Given the interest that cybercriminals — especially ransomware initial access brokers — have in RDP, it is likely that it will be exploited at some point,” said Allan Liska, senior security architect at Recorded Future.

Liska notes this month’s patch batch also brings us CVE-2021-38666, which is a Remote Code Execution vulnerability in the Windows RDP Client.

“This is a serious vulnerability, labeled critical by Microsoft,” Liska added. “In its Exploitability Assessment section Microsoft has labelled this vulnerability ‘Exploitation More Likely.’ This vulnerability affects Windows 7 – 11 and Windows Server 2008 – 2019 and should be a high priority for patching.”

For most Windows home users, applying security updates is not a big deal. By default, Windows checks for available updates and is fairly persistent in asking you to install them and reboot, etc. It’s a good idea to get in the habit of patching on a monthly basis, ideally within a few days of patches being released.

But please do not neglect to backup your important files — before patching if possible. Windows 10 has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. There are also a number of excellent third-party products that make it easy to duplicate your entire hard drive on a regular basis, so that a recent, working image of the system is always available for restore.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience any glitches or problems installing patches this month, please consider leaving a comment about it below; there’s a better-than-even  chance other readers have experienced the same and may offer useful tips or suggestions.

Further reading:

SANS Internet Storm Center rundown on each of the 55 patches released today, indexed by exploitability and severity, with links to each advisory.

from Krebs on Security

Google Nest Hub (2 gen) mejora el Sensor de Sueño y alarga su vista previa gratuita hasta 2023

Google Nest Hub (2 gen) mejora el Sensor de Sueño y alarga su vista previa gratuita hasta 2023

Una de las principales novedades de la segunda generación de la pantalla inteligente Nest Hub es su Sensor de sueño, una característica que es capaz de detectar el movimiento y el sonido para analizar nuestro sueño y que en primavera se anunció que iba a ser gratuita hasta este otoño, pero hoy tenemos buenas noticias para sus usuarios.

Google ha anunciado importantes novedades para el Sensor de Sueño de su Nest Hub (2ª generación). Por un lado llegan mejoras durante la monitorización y estadísticas del sueño, y por otro lado, novedades sobre su vista previa gratuita además de su futuro plan de precios.

Continue reading

Qué es SafetyNet, para qué sirve y cómo saber si mi móvil pasa el test

Qué es SafetyNet, para qué sirve y cómo saber si mi móvil pasa el test

SafetyNet es un sistema de protección integrado en Android del cual no necesitas saber nada hasta que hay un problema con él y algunas aplicaciones dejan de funcionar. Veremos qué es esto de SafetyNet y para qué sirve.

Primero veremos qué es exactamente este test de seguridad y para qué se usa, para después contarte cómo puedes ver si tu móvil pasa el test y qué casos pueden provocar que un móvil no pase el test.

Continue reading